Privacy Policy

cactuz Inc. (the "Company", "we", "us", or "our") establishes this Privacy Policy (this "Policy") regarding the handling of information about users (the "User Information") of the online video streaming service "THE LESSON" (the "Service") provided by us, as set forth below.

Article 1 (General Provisions)

1. In order to protect User Information, the Company complies with the Act on the Protection of Personal Information (the "APPI") and other related laws and regulations, and endeavors to appropriately handle and protect User Information, including Personal Information (as defined in Article 2, Paragraph 1 of the APPI; hereinafter the same).
2. This Policy applies to the use of the Service. If any of our other website terms, privacy policies, personal information protection policies, terms of service for the Service, or any other documents contain provisions regarding the handling of User Information that conflict with this Policy, this Policy shall prevail.
3. The provision of the Service may involve integration with platform services, communication services, content services, and other web or app services provided by third parties other than the Company (collectively, "Linked Services"). The provisions of this Policy do not apply to Linked Services or any other services provided by parties other than the Company (collectively, "External Services"). For the handling of User Information in External Services, please refer to the privacy policies separately established by the providers of such External Services.

Article 2 (Information We Collect and How We Collect It)

In the Service, the Company collects User Information corresponding to the items set forth in each of the following paragraphs.

1. Information provided by users
   • Name, date of birth, address, phone number, email address, accounts on External Services, and other information requested by the Company.
2. Information the Company collects when the Service is used
   • Log information and information regarding use of the Service
     The IP address automatically generated and stored when the Service is used, and information regarding how users use the Service (such as viewing time and viewing position of specific content).
   • Device information
     Information unique to the device used by the user to access the Service.

The Company shall collect User Information by appropriate means and shall not use deception or other wrongful means. Where the Company collects User Information by methods other than those associated with users' use of the Service, the Company shall publish or notify users in advance of the purpose of use.

Article 3 (Purposes of Use)

The Company shall handle User Information collected through the use of the Service only within the scope of the purposes specified in each of the following paragraphs. The Company shall not use User Information beyond the scope of the stated purposes without the prior consent of the user.

1. To provide the Service, review user registrations, verify users' identities, and prevent unauthorized use
   • Name, date of birth, phone number, email address, log information, information regarding use of the Service, and device information.
2. To customize the content of the Service
   • Information regarding use of the Service and device information.
3. To improve the Service and develop new services
   • Information regarding use of the Service and device information.
4. For Google account authentication and display of user profiles
   • Name, email address, and profile picture obtained from Google.

The Company may change the purposes of use set forth in the preceding paragraph to the extent reasonably deemed to be related to the original purposes. If the purposes are changed, the Company shall notify users or announce the change on the Service or on our website by other readily understandable means.

The Company may process Personal Information collected into Anonymously Processed Information (as defined in Article 2, Paragraph 6 of the APPI) or statistical information such that users can no longer be identified, and may use such information. The Company may also provide such information to third parties after similar processing.

Article 4 (Provision to Third Parties)

1. Although the Company may provide Personal Data of users to third parties in certain cases, as a general rule the Company shall not provide Personal Data to third parties without the prior consent of the user, including in such cases.
2. In addition to the cases set forth in the preceding paragraph, the Company may provide Personal Data to third parties without the user's consent to the extent permitted by applicable laws and regulations, in the following cases:
   1. When the handling of User Information is entrusted in accordance with the provisions of the following Article;
   2. When Personal Data is provided in connection with a business succession due to a merger or any other reason;
   3. When required by law;
   4. When there is a need to protect the life, body, or property of a person, and it is difficult to obtain the consent of the user;
   5. When there is a special need to improve public health or promote the sound growth of children, and it is difficult to obtain the consent of the user;
   6. When cooperation with a national agency, a local government, or a party entrusted by either of them is necessary to carry out affairs prescribed by law, and obtaining the user's consent is likely to impede the performance of such affairs.
3. When the Company provides Personal Data to third parties based on the user's consent, the Company shall create and retain records regarding the following items:
   1. That the user's prior consent has been obtained, and that the Company otherwise has the right to provide the Personal Data;
   2. The name or other information sufficient to identify the third party;
   3. The name of the individual identified by the Personal Data and other information sufficient to identify such individual;
   4. The items of Personal Data provided.

Article 5 (Entrustment of Handling of User Information)

The Company may entrust all or part of the handling of User Information collected from users to third parties to the extent necessary to achieve the purposes of use. In such cases, the Company shall, in advance, enter into a confidentiality agreement or similar agreement with such contractor containing provisions consistent with this Policy, and shall exercise necessary and appropriate supervision over the contractor to ensure the proper security management of User Information.

Article 6 (Joint Use)

The Company may jointly use Personal Data collected from users with business partners or other third parties to the extent necessary for the provision of Linked Services and similar purposes. In such cases, the Company shall, in advance, publish the items or scope of Personal Data to be jointly used, the scope of those who will jointly use such data, the purpose of the joint use, and the name of the person responsible for the management of such Personal Data (including, in the case of a corporation, the name of its representative).

Article 7 (Cookies and Information Collection Modules)

1. The Service may use cookies and other information collection modules selected by the Company (collectively, "Cookies, etc.") to analyze how the Service is used. In connection therewith, the Company may provide User Information to the providers of such information collection modules. Cookies, etc. collect User Information without in themselves containing information that identifies individuals, and the information collected is managed in accordance with the privacy policies and other rules established by each provider of the information collection modules.
2. Users can disable Cookies, etc. through their browser settings, and may also configure their own settings on the Service regarding the use of Cookies, etc. However, if Cookies, etc. are disabled, the usability of the Service may be reduced or the scope of the Service available to the user may be limited.
3. The Company uses information obtained through Cookies, etc. to operate and maintain the quality of the Service, to improve the Service, and to develop and improve new services.

Article 8 (Security Management)

1. In order to prevent the leakage, loss, or damage of User Information and otherwise protect User Information, the Company shall implement necessary and appropriate measures for the security management of User Information, including restricting access to Personal Information files and Anonymously Processed Information, limiting the number of persons with access rights to the minimum necessary, and introducing security software to prevent unauthorized external access.
2. The Company designates a responsible officer as the manager of User Information and implements the proper management and continuous improvement of User Information.
3. In the unlikely event that an incident such as a leakage of a user's Personal Information occurs, the Company shall promptly report to the competent supervisory authority in accordance with the APPI and related guidelines, and shall take necessary actions such as measures to prevent similar incidents and to prevent recurrence in accordance with the instructions of such supervisory authority.

Article 9 (Responses to Requests from Users for Disclosure, Correction, Suspension of Use, etc.)

1. When a user requests disclosure of Personal Information pursuant to the APPI, the Company shall, after confirming that the request is made by the user in question, disclose the relevant Personal Information to the user without delay by electronic records or other appropriate means (or, if the Personal Information does not exist, shall notify the user to that effect). However, this shall not apply where the Company is not obligated to make such disclosure under the APPI or other laws and regulations.
2. If a user, pursuant to the APPI, (i) requests correction of Personal Information held by the Company on the grounds that such information is not true, or (ii) requests suspension of use of Personal Information on the grounds that it is being handled beyond the scope of the publicly announced purposes of use or that it was collected through deception or other wrongful means, the Company shall, after confirming that the request is made by the user in question, promptly conduct necessary investigations and, based on the results, correct the Personal Information or suspend its use, and notify the user accordingly. If the Company decides, based on reasonable grounds, not to make such correction or suspend such use, the Company shall notify the user to that effect.

Article 10 (Changes to This Policy)

1. The Company shall review the operational status of the handling of User Information from time to time, strive for continuous improvement, and may revise this Policy as necessary.
2. The Company shall notify users of any revised Policy by posting it on the Service or on our website or by other readily understandable means. However, if the revision involves changes that require the user's consent under applicable laws and regulations, the Company shall obtain the user's consent by a method separately designated by the Company.

Article 11 (Contact)

For any opinions, questions, complaints, or other inquiries regarding the Company's handling of User Information, please contact us through the following contact point.

Contact point	cactuz Inc. — User Information Inquiry Desk
Contact email	info@thelesson.jp
Personal Information Manager	Representative Director of the Company
Hours	Weekdays 10:00–18:00 (JST)

* Depending on the date and time of inquiry, it may take some time to respond. Thank you for your understanding in advance.

---

[Established: January 20, 2025]
[Revised: April 21, 2025]